From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <tuhs-bounces@minnie.tuhs.org>
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on inbox.vuxu.org
X-Spam-Level: 
X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	HEADER_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE,MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_NONE autolearn=ham autolearn_force=no version=3.4.2
Received: from minnie.tuhs.org (minnie.tuhs.org [45.79.103.53])
	by inbox.vuxu.org (OpenSMTPD) with ESMTP id a4c30990
	for <ml@inbox.vuxu.org>;
	Fri, 15 Nov 2019 14:40:35 +0000 (UTC)
Received: by minnie.tuhs.org (Postfix, from userid 112)
	id 5D7B89C2E8; Sat, 16 Nov 2019 00:40:34 +1000 (AEST)
Received: from minnie.tuhs.org (localhost [127.0.0.1])
	by minnie.tuhs.org (Postfix) with ESMTP id B7E5093DAA;
	Sat, 16 Nov 2019 00:40:12 +1000 (AEST)
Authentication-Results: minnie.tuhs.org;
	dkim=pass (2048-bit key; unprotected) header.d=bsdimp-com.20150623.gappssmtp.com header.i=@bsdimp-com.20150623.gappssmtp.com header.b="audQaV0e";
	dkim-atps=neutral
Received: by minnie.tuhs.org (Postfix, from userid 112)
 id C2A2A93DAA; Sat, 16 Nov 2019 00:40:10 +1000 (AEST)
Received: from mail-qt1-f176.google.com (mail-qt1-f176.google.com
 [209.85.160.176])
 by minnie.tuhs.org (Postfix) with ESMTPS id DE33393DA9
 for <tuhs@tuhs.org>; Sat, 16 Nov 2019 00:40:09 +1000 (AEST)
Received: by mail-qt1-f176.google.com with SMTP id g50so11032260qtb.4
 for <tuhs@tuhs.org>; Fri, 15 Nov 2019 06:40:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=bsdimp-com.20150623.gappssmtp.com; s=20150623;
 h=mime-version:references:in-reply-to:from:date:message-id:subject:to
 :cc; bh=zcpF2zihOPyqTuhWs3BAjtO4aGwxiAuzsQu/mIFHQR0=;
 b=audQaV0et01NQVa6qolmY+EzclsQCG0P5L8XNtZIwGt2Dfm1mHXpLEZZ2xUavHgNAW
 2N875LGQqsbXbnBTpEbliFlKVCqiyEywpc14qORpclegSBPjN94uNoCwTmAPqxKpmAvl
 Gn79mqfEc6dDuCplyBLGevoyesgjfClFLeXp0+nbSthNWDWa4OFO+HAtN51KEFyjHeIo
 BeDwpcXTQwoAup8ZpkWi+M3LpDbV3DG2pFDVUAwekMQk3qpcaePHQms5UDhYuUcqAtgH
 LzbKXY/VpaZcdm0WLkJR7P5O0yz8aj9zLyRHFyxnYS3g1B/RwJ4DR3bZnoBwd3FiUet6
 EVXw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=zcpF2zihOPyqTuhWs3BAjtO4aGwxiAuzsQu/mIFHQR0=;
 b=hZ6+iCp9t3K4mnA59Srl47GECHXPjV3M9HLL6qvjUked8ZiPHNta8ElzrersnPuipr
 pdpd8zOnqD1/vLc+uAZZXxgZVd4EXHVGUIsIeLsuc++BE8mc0HLch09sYCMFOJ3XbXKn
 2B71ehVY82jK3+irIa7RgjnxqykgTwfFvOCjv1N/Qdk3LdYQ92G/UWgur0J7UQUUNHNt
 nrFvzbHWwyewoPUSg9z9oEKgFbtB85DxfsZgISlUfMzL17uhZN/egzoPnhDFjQ30l65l
 w2yJLcRgL1b+NAmc9Rt4SbNuqKIHSIcH85pfVekbjlGehw2B4OO7+zqnKCxVH5xtVeF8
 W/+g==
X-Gm-Message-State: APjAAAWplKJxQLQ7C5MRfqbHuNE9N+doKwL5oYnmoWYWmhRuixZw3kTt
 0StQ2uLCsfK2vMV7OwFeipTWsPj8LH8biKnzPqNPSw==
X-Google-Smtp-Source: APXvYqytRGw9tOjSlA7XBgPZDyZBazfgFxOXWy0GhpYDLVxXU7nWUjDpdhZZyfI/qK836rZRWglfMYF1smbjLEcmnhs=
X-Received: by 2002:ac8:6697:: with SMTP id d23mr13357376qtp.32.1573828808729; 
 Fri, 15 Nov 2019 06:40:08 -0800 (PST)
MIME-Version: 1.0
References: <201911151431.xAFEVKCO029897@coolidge.cs.Dartmouth.EDU>
In-Reply-To: <201911151431.xAFEVKCO029897@coolidge.cs.Dartmouth.EDU>
From: Warner Losh <imp@bsdimp.com>
Date: Fri, 15 Nov 2019 07:39:57 -0700
Message-ID: <CANCZdfo4Mq=-TG3L25_B29w+Hws_0V=eNNea=Vi0VH36NAt1Rg@mail.gmail.com>
To: Doug McIlroy <doug@cs.dartmouth.edu>
Content-Type: multipart/alternative; boundary="00000000000014fc7a0597639399"
Subject: Re: [TUHS] Happy birthday, Morris worm
X-BeenThere: tuhs@minnie.tuhs.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: The Unix Heritage Society mailing list <tuhs.minnie.tuhs.org>
List-Unsubscribe: <https://minnie.tuhs.org/cgi-bin/mailman/options/tuhs>,
 <mailto:tuhs-request@minnie.tuhs.org?subject=unsubscribe>
List-Archive: <http://minnie.tuhs.org/pipermail/tuhs/>
List-Post: <mailto:tuhs@minnie.tuhs.org>
List-Help: <mailto:tuhs-request@minnie.tuhs.org?subject=help>
List-Subscribe: <https://minnie.tuhs.org/cgi-bin/mailman/listinfo/tuhs>,
 <mailto:tuhs-request@minnie.tuhs.org?subject=subscribe>
Cc: The Eunuchs Hysterical Society <tuhs@tuhs.org>
Errors-To: tuhs-bounces@minnie.tuhs.org
Sender: "TUHS" <tuhs-bounces@minnie.tuhs.org>

--00000000000014fc7a0597639399
Content-Type: text/plain; charset="UTF-8"

On Fri, Nov 15, 2019, 7:32 AM Doug McIlroy <doug@cs.dartmouth.edu> wrote:

> > That was the trouble; had he bothered to test it on a private network (as
> > if a true professional would even consider carrying out such an act)[*]
> he
> > would've noticed that his probability calculations were arse-backwards
>
> Morris's failure to foresee the results of even slow exponential
> growth is matched by the failure of the critique above to realize
> that Morris wouldn't have seen the trouble in a small network test.
>
> The worm assured that no more than one copy (and occasionally one clone)
> would run on a machine at a time. This limits the number of attacks
> that any one machine experiences at a time to roughly the
> number of machines in the network. For a small network, this will
> not be a major load.
>
>
> The worm became a denial-of-service attack only because a huge
> number of machines were involved.
>
> I do not remember whether the worm left tracks to prevent its
> being run more than once on a machine, though I rather think
> it did. This would mean that a small network test would not
> only behave innocuously; it would terminate almost instantly.
>

it had code to do that, but IIRC, there were bugs in that code that
prevented it being completely effective in some cases... the sorts of
cases, though, that a small scale test wouldn't likely catch.

Warner

--00000000000014fc7a0597639399
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"auto"><div><br><br><div class=3D"gmail_quote"><div dir=3D"ltr" =
class=3D"gmail_attr">On Fri, Nov 15, 2019, 7:32 AM Doug McIlroy &lt;<a href=
=3D"mailto:doug@cs.dartmouth.edu">doug@cs.dartmouth.edu</a>&gt; wrote:<br><=
/div><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-le=
ft:1px #ccc solid;padding-left:1ex">&gt; That was the trouble; had he bothe=
red to test it on a private network (as<br>
&gt; if a true professional would even consider carrying out such an act)[*=
] he<br>
&gt; would&#39;ve noticed that his probability calculations were arse-backw=
ards<br>
<br>
Morris&#39;s failure to foresee the results of even slow exponential<br>
growth is matched by the failure of the critique above to realize<br>
that Morris wouldn&#39;t have seen the trouble in a small network test.<br>
<br>
The worm assured that no more than one copy (and occasionally one clone)<br=
>
would run on a machine at a time. This limits the number of attacks<br>
that any one machine experiences at a time to roughly the<br>
number of machines in the network. For a small network, this will<br>
not be a major load.<br>
<br>
<br>
The worm became a denial-of-service attack only because a huge<br>
number of machines were involved.<br>
<br>
I do not remember whether the worm left tracks to prevent its<br>
being run more than once on a machine, though I rather think<br>
it did. This would mean that a small network test would not<br>
only behave innocuously; it would terminate almost instantly.<br></blockquo=
te></div></div><div dir=3D"auto"><br></div><div dir=3D"auto">it had code to=
 do that, but IIRC, there were bugs in that code that prevented it being co=
mpletely effective in some cases... the sorts of cases, though, that a smal=
l scale test wouldn&#39;t likely catch.</div><div dir=3D"auto"><br></div><d=
iv dir=3D"auto">Warner</div></div>

--00000000000014fc7a0597639399--